Skip to content

Commit

Permalink
Remove session cooky after request has been processed. This caused ob…
Browse files Browse the repository at this point in the history 
…scure bug in DGU when you tried to save the session straight in the next request after deleting it. If you check after the request is done, then you take account of the wishes in that request. Therefore you also do not need the check to see if you are on a particular page that might create the session.
  • Loading branch information
David Read committed May 1, 2012
1 parent 5c72aa3 commit cc6ab63
Showing 1 changed file with 31 additions and 31 deletions.
62 changes: 31 additions & 31 deletions ckan/lib/base.py
View file
Expand Up @@ -187,41 +187,41 @@ def __call__(self, environ, start_response):
# the request is routed to. This routing information is
# available in environ['pylons.routes_dict']

try:
res = WSGIController.__call__(self, environ, start_response)
finally:
model.Session.remove()

# Clean out any old cookies as they may contain api keys etc
# This also improves the cachability of our pages as cookies
# prevent proxy servers from caching content unless they have
# been configured to ignore them.
# we do not want to clear cookies when setting the user lang
if not environ.get('PATH_INFO').startswith('/user/set_lang'):
for cookie in request.cookies:
if cookie.startswith('ckan') and cookie not in ['ckan']:
response.delete_cookie(cookie)
# Remove the ckan session cookie if not used e.g. logged out
elif cookie == 'ckan' and not c.user:
# Check session for valid data (including flash messages)
# (DGU also uses session for a shopping basket-type behaviour)
is_valid_cookie_data = False
for key, value in session.items():
if not key.startswith('_') and value:
is_valid_cookie_data = True
break
if not is_valid_cookie_data:
if session.id:
if not session.get('lang'):
self.log.debug('No session data any more - deleting session')
self.log.debug('Session: %r', session.items())
session.delete()
else:
response.delete_cookie(cookie)
self.log.debug('No session data any more - deleting session cookie')
# Remove auth_tkt repoze.who cookie if user not logged in.
elif cookie == 'auth_tkt' and not session.id:
response.delete_cookie(cookie)

try:
return WSGIController.__call__(self, environ, start_response)
finally:
model.Session.remove()
for cookie in request.cookies:
if cookie.startswith('ckan') and cookie not in ['ckan']:
response.delete_cookie(cookie)
# Remove the ckan session cookie if not used e.g. logged out
elif cookie == 'ckan' and not c.user:
# Check session for valid data (including flash messages)
# (DGU also uses session for a shopping basket-type behaviour)
is_valid_cookie_data = False
for key, value in session.items():
if not key.startswith('_') and value:
is_valid_cookie_data = True
break
if not is_valid_cookie_data:
if session.id:
if not session.get('lang'):
self.log.debug('No session data any more - deleting session')
self.log.debug('Session: %r', session.items())
session.delete()
else:
response.delete_cookie(cookie)
self.log.debug('No session data any more - deleting session cookie')
# Remove auth_tkt repoze.who cookie if user not logged in.
elif cookie == 'auth_tkt' and not session.id:
response.delete_cookie(cookie)

return res

def __after__(self, action, **params):
self._set_cors()
Expand Down

0 comments on commit cc6ab63

Please sign in to comment.